portia: Privilege escalation tool
Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised
- Privilege escalation
- Lateral movement
- Convenience modules
Portia is a genus of jumping spider that feeds on other spiders – known for their intelligent hunting behavior and problem-solving capabilities usually only found in larger animals
A new functionality has been added. The new script is ‘hopandhack.py’.
The new script ‘hopandhack‘ can be used by attackers to automatic find and hunt hosts that are not directly accessible from the attacker’s machine. In some organizations, IT administrators have to use something called a ‘jump box’ or VPN to access the secure data center or PCI network where sensitive data are stored.
The ‘hopandhack’ script automates the process of finding hosts with the necessary routes to these secure network and compromises them. The functionality of hopandhack will be incorporated into Portia in the next week or so.
More details about the hopandhack script can be found at https://milo2012.wordpress.com/2017/09/21/jumping-from-corporate-to-compromising-semi-isolated-network/
How Portia Works
Copyright 2017 invalid-email-address